* Paul Wise (p...@debian.org) wrote: > Hi all, > > I have prepared a short document on static linking and Debian, with the > aim to reduce existing static linking, document unavoidable static > linking and find ways to mitigate unavoidable static linking. > > https://wiki.debian.org/StaticLinking > > I'm hoping folks on this list will help extend the document, especially > with info about languages that do not support dynamic linking and with > ideas for detecting static linking and encouraging use of Built-Using.
Thanks for writing this! What's the current thinking on embedded libraries in source code? One of my packages has an embedded (and slightly modified) version of libevent that it links statically. It doesn't seem like Built-Using is the right thing to use in this situation since it's not embedding another package. However it seems like a good idea to make this information visible somehow, for example to help the security-team find vulnerable embedded versions of software. -- Eric Dorland <e...@kuroneko.ca> 43CF 1228 F726 FD5B 474C E962 C256 FBD5 0022 1E93
signature.asc
Description: Digital signature
